//***************************************************************************
// Licensed Materials - Property of IBM
//
// Governed under the terms of the International
// License Agreement for Non-Warranted Sample Code.
//
// (C) COPYRIGHT International Business Machines Corp. 1997 - 2006
// All Rights Reserved.
//
// US Government Users Restricted Rights - Use, duplication or
// disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
//***************************************************************************
//
// SOURCE FILE NAME: JCCSimpleCredential.java
//
// SAMPLE: This file is used by JCCSimpleGSSPlugin to implement a JCC
//         GSS-API plugin sample
//
// OUTPUT FILE: None
//***************************************************************************
//
// For more information on the sample programs, see the README file.
//
// For information on developing JDBC applications, see the Application
// Development Guide.
//
// For information on using SQL statements, see the SQL Reference.
//
// For the latest information on programming, compiling, and running DB2
// applications, visit the DB2 application development website at
//     http://www.software.ibm.com/data/db2/udb/ad
//**************************************************************************/

import java.io.InputStream;
import java.io.OutputStream;
import org.ietf.jgss.*;

public  class JCCSimpleGSSCredential implements org.ietf.jgss.GSSCredential
{
  private String userid_;
  private String password_;

  public JCCSimpleGSSCredential(String uid, String pwd)
  {
    userid_ = uid;
    password_ = pwd;
  }

  public String getUserid()
  {
    return userid_;
  }
  public String getPassword()
  {
    return password_;
  }


  /**
   * Releases any sensitive information that the GSSCredential object may
   * be containing.  Applications should call this method as soon as the
   * credential is no longer needed to minimize the time any sensitive
   * information is maintained.
   *
   * @throws GSSException containing the following
   * major error codes:
   *         {@link GSSException#FAILURE GSSException.FAILURE}
   */
  public void dispose() throws GSSException  //this is equivalent to gss_release_cred
  {
    userid_ = null;
    password_ = null;
  }

  /**
   *  Retrieves the name of the entity that the credential asserts.
   *
   * @return a GSSName representing the entity
   *
   * @throws GSSException containing the following
   * major error codes:
   *         {@link GSSException#FAILURE GSSException.FAILURE}
   */
  public GSSName getName() throws GSSException
  {
    return new JCCSimpleGSSName(userid_);
  }

  /**
   * Retrieves a Mechanism Name of the entity that the credential
   * asserts. This is equivalent to calling {@link
   * GSSName#canonicalize(Oid) canonicalize} on the value returned by
   * the other form of {@link #getName() getName}.
   *
   * @param mech the Oid of the mechanism for which the Mechanism Name
   * should be returned.
   * @return a GSSName representing the entity canonicalized for the
   * desired mechanism
   *
   * @throws GSSException containing the following
   * major error codes:
   *         {@link GSSException#BAD_MECH GSSException.BAD_MECH},
   *         {@link GSSException#FAILURE GSSException.FAILURE}
   */
  public GSSName getName(Oid mech) throws GSSException
  {
    throw new JCCSimpleGSSException(0,"getName(Oid mech) method isn't implemented.");
  }

  /**
   * Returns the remaining lifetime in seconds for a credential.  The
   * remaining lifetime is the minimum lifetime amongst all of the underlying
   * mechanism specific credential elements.
   *
   * @return the minimum remaining lifetime in seconds for this
   * credential. A return value of {@link #INDEFINITE_LIFETIME
   * INDEFINITE_LIFETIME} indicates that the credential does
   * not expire. A return value of 0 indicates that the credential is
   * already expired.
   *
   * @see #getRemainingInitLifetime(Oid)
   * @see #getRemainingAcceptLifetime(Oid)
   *
   * @throws GSSException containing the following
   * major error codes:
   *         {@link GSSException#FAILURE GSSException.FAILURE}
   */
  public int getRemainingLifetime() throws GSSException
  {
    return INDEFINITE_LIFETIME;
  }

  /**
   * Returns the lifetime in seconds for the credential to remain capable
   * of initiating security contexts using the specified mechanism. This
   * method queries the initiator credential element that belongs to the
   * specified mechanism.
   *
   * @return the number of seconds remaining in the life of this credential
   * element. A return value of {@link #INDEFINITE_LIFETIME
   * INDEFINITE_LIFETIME} indicates that the credential element does not
   * expire.  A return value of 0 indicates that the credential element is
   * already expired.
   *
   * @param mech the Oid of the mechanism whose intiator credential element
   * should be queried.
   *
   * @throws GSSException containing the following
   * major error codes:
   *         {@link GSSException#BAD_MECH GSSException.BAD_MECH},
   *         {@link GSSException#FAILURE GSSException.FAILURE}
   */
  public int getRemainingInitLifetime(Oid mech) throws GSSException
  {
    return INDEFINITE_LIFETIME;
  }

  /**
   * Returns the lifetime in seconds for the credential to remain capable
   * of accepting security contexts using the specified mechanism. This
   * method queries the acceptor credential element that belongs to the
   * specified mechanism.
   *
   * @return the number of seconds remaining in the life of this credential
   * element. A return value of {@link #INDEFINITE_LIFETIME
   * INDEFINITE_LIFETIME} indicates that the credential element does not
   * expire.  A return value of 0 indicates that the credential element is
   * already expired.
   *
   * @param mech the Oid of the mechanism whose acceptor credential element
   * should be queried.
   *
   * @throws GSSException containing the following
   * major error codes:
   *         {@link GSSException#BAD_MECH GSSException.BAD_MECH},
   *         {@link GSSException#FAILURE GSSException.FAILURE}
   */
  public int getRemainingAcceptLifetime(Oid mech) throws GSSException
  {
    return INDEFINITE_LIFETIME;
  }

  /**
   * Returns the credential usage mode. In other words, it
   * tells us if this credential can be used for initiating or accepting
   * security contexts. It does not tell us which mechanism(s) has to be
   * used in order to do so. It is expected that an application will allow
   * the GSS-API to pick a default mechanism after calling this method.
   *
   * @return The return value will be one of {@link #INITIATE_ONLY
   * INITIATE_ONLY}, {@link #ACCEPT_ONLY ACCEPT_ONLY}, and {@link
   * #INITIATE_AND_ACCEPT INITIATE_AND_ACCEPT}.
   *
   * @throws GSSException containing the following
   * major error codes:
   *         {@link GSSException#FAILURE GSSException.FAILURE}
   */
  public int getUsage() throws GSSException
  {
    return INITIATE_AND_ACCEPT;
  }

  /**
   * Returns the credential usage mode for a specific mechanism. In other
   * words, it tells us if this credential can be used
   * for initiating or accepting security contexts with a given underlying
   * mechanism.
   *
   * @return The return value will be one of {@link #INITIATE_ONLY
   * INITIATE_ONLY}, {@link #ACCEPT_ONLY ACCEPT_ONLY}, and {@link
   * #INITIATE_AND_ACCEPT INITIATE_AND_ACCEPT}.
   * @param mech the Oid of the mechanism whose credentials usage mode is
   * to be determined.
   *
   * @throws GSSException containing the following
   * major error codes:
   *         {@link GSSException#BAD_MECH GSSException.BAD_MECH},
   *         {@link GSSException#FAILURE GSSException.FAILURE}
   */
  public int getUsage(Oid mech) throws GSSException
  {
    return INITIATE_AND_ACCEPT;
  }

  /**
   * Returns a list of mechanisms supported by this credential. It does
   * not tell us which ones can be used to initiate
   * contexts and which ones can be used to accept contexts. The
   * application must call the {@link #getUsage(Oid) getUsage} method with
   * each of the returned Oid's to determine the possible modes of
   * usage.
   *
   * @return an array of Oid's corresponding to the supported mechanisms.
   *
   * @throws GSSException containing the following
   * major error codes:
   *         {@link GSSException#FAILURE GSSException.FAILURE}
   */
  public Oid[] getMechs() throws GSSException
  {
    throw new JCCSimpleGSSException(0,"getMechs() is not implemented");
  }

  /**
   * Adds a mechanism specific credential-element to an existing
   * credential.  This method allows the construction of credentials, one
   * mechanism at a time.<p>
   *
   * This routine is envisioned to be used mainly by context acceptors
   * during the creation of acceptor credentials which are to be used
   * with a variety of clients using different security mechanisms.<p>
   *
   * This routine adds the new credential element "in-place".  To add the
   * element in a new credential, first call <code>clone</code> to obtain a
   * copy of this credential, then call its <code>add</code> method.<p>
   *
   * As always, GSS-API implementations must impose a local access-control
   * policy on callers to prevent unauthorized callers from acquiring
   * credentials to which they are not entitled.
   *
   * Non-default values for initLifetime and acceptLifetime cannot always
   * be honored by the underlying mechanisms, thus callers should be
   * prepared to call {@link #getRemainingInitLifetime(Oid)
   * getRemainingInitLifetime} and {@link #getRemainingAcceptLifetime(Oid)
   * getRemainingAcceptLifetime} on the credential.
   *
   * @param name the name of the principal for whom this credential is to
   * be acquired.  Use <code>null</code> to specify the default
   * principal.
   * @param initLifetime the number of seconds that the credential element
   * should remain valid for initiating of security contexts. Use {@link
   * GSSCredential#INDEFINITE_LIFETIME GSSCredential.INDEFINITE_LIFETIME}
   * to request that the credentials have the maximum permitted lifetime
   * for this.  Use {@link GSSCredential#DEFAULT_LIFETIME
   * GSSCredential.DEFAULT_LIFETIME} to request default credential lifetime
   * for this.
   * @param acceptLifetime the number of seconds that the credential
   * element should remain valid for accepting security contexts. Use {@link
   * GSSCredential#INDEFINITE_LIFETIME GSSCredential.INDEFINITE_LIFETIME}
   * to request that the credentials have the maximum permitted lifetime
   * for this.  Use {@link GSSCredential#DEFAULT_LIFETIME
   * GSSCredential.DEFAULT_LIFETIME} to request default credential lifetime
   * for this.
   * @param mech the mechanism over which the credential is to be acquired.
   * @param usage the usage mode that this credential
   * element should add to the credential. The value
   * of this parameter must be one of:
   * {@link #INITIATE_AND_ACCEPT INITIATE_AND_ACCEPT},
   * {@link #ACCEPT_ONLY ACCEPT_ONLY}, and
   * {@link #INITIATE_ONLY INITIATE_ONLY}.
   *
   * @throws GSSException containing the following
   * major error codes:
   *         {@link GSSException#DUPLICATE_ELEMENT
   *                          GSSException.DUPLICATE_ELEMENT},
   *         {@link GSSException#BAD_MECH GSSException.BAD_MECH},
   *         {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE},
   *         {@link GSSException#NO_CRED GSSException.NO_CRED},
   *         {@link GSSException#CREDENTIALS_EXPIRED
   *                                  GSSException.CREDENTIALS_EXPIRED},
   *         {@link GSSException#FAILURE GSSException.FAILURE}
   */
  public void add(GSSName name, int initLifetime, int acceptLifetime,
                  Oid mech, int usage) throws GSSException
  {
    throw new JCCSimpleGSSException(0,"add(GSSName name, int initLifetime, int acceptLifetime,Oid mech, int usage) is not implemented");
  }

  /**
   * Tests if this GSSCredential asserts the same entity as the supplied
   * object.  The two credentials must be acquired over the same
   * mechanisms and must refer to the same principal.
   *
   * @return <code>true</code> if the two GSSCredentials assert the same
   * entity; <code>false</code> otherwise.
   * @param another another GSSCredential for comparison to this one
   */
  public boolean equals(Object another)
  {
    if (another instanceof JCCSimpleGSSCredential)
      return (userid_ == ((JCCSimpleGSSCredential)another).getUserid() && password_ == ((JCCSimpleGSSCredential)another).getPassword());
    else
      return false;

  }

  /**
   * Returns a hashcode value for this GSSCredential.
   *
   * @return a hashCode value
   */
  public int hashCode()
  {
    //not used by JCC. return 0
    return 0;
  }


}
